CVE-2021-46781 – Coming Soon by Supsystic < 1.7.6 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2021-46781

The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting El plugin Coming Soon by Supsystic de WordPress versiones anteriores a 1.7.6, no sanea y escapa del parámetro tab antes de devolverlo a un atributo en el panel de administración, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/49589867-f764-4c4a-b640-84973c673b23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •